Security: ChromeOS Exploit persistence via symlink

Issue description

Breakout bug for a portion of the exploit chain described in issue 648971 .
------
This is similar to what geohot did in https://crbug.com/351788
Snippet from /etc/init/ui-collect-machine-info.conf:
env UI_MACHINE_INFO_FILE=/var/run/session_manager/machine-info
dump_vpd_log --full --stdout > "${UI_MACHINE_INFO_FILE}"
The exploit symlinks machine-info to /run/modprobe.d which is a configuration file for modprobe. dump_vpd_log writes /mnt/stateful_partition/unencrypted/cache/vpd/full-v2.txt into /run/modprobe.d. The exploit places the "install modulename command..." clause into full-v2.txt to launch a command at boot.
There are difficulties though and the exploit uses symlinks extensively to overcome them. Here is a list:
1) /var/run/session_manager/machine-info -> /run/modprobe.d
Written to by /etc/init/ui-collect-machine-info.conf
2) /var/run -> /var/real_run
/var/run normally points to /run tmpfs, so redirect it to a stateful partition
3) /var/log -> /run
login_manager creates the /var/log/chrome directory. Use it to create the /run/chrome directory.
4) /mnt/stateful_partition/unencrypted/preserve/attestation.epb -> /dev/net/
/etc/init/cryptohomed.conf moves /mnt/stateful_partition/home/.shadow/attestation.epb to /mnt/stateful_partition/unencrypted/preserve/attestation.epb. Use it to move a device file into /dev/net.
5) /var/lib/metrics/uma-events -> /dev/net/attestation.epb
The uma-events file is often accessed by metrics. Link it to attestation.epb device file. Accessing the device triggers modprobe.

Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!
If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.
Thanks for your time! To disable nags, add the Disable-Nags label.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!
If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.
Thanks for your time! To disable nags, add the Disable-Nags label.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot